#
# (c) 2018 Open Source Geospatial Foundation - all rights reserved
# This code is licensed under the GPL 2.0 license, available at the root
# application directory.
#
#
org.geoserver.security.oauth2.OpenIdConnectAuthenticationFilter.name=OpenId Connect 
org.geoserver.security.oauth2.OpenIdConnectAuthenticationFilter.title=Authentication using OpenId Connect

OpenIdConnectAuthProviderPanel.login=OpenId Connect Login
OpenIdConnectAuthProviderPanel.logout=OpenId Connect Logout
OpenIdConnectAuthProviderPanel.short=OpenId Connect 
OpenIdConnectAuthProviderPanel.title=Authentication using OpenId Connect
OpenIdConnectAuthProviderPanel.description=Authenticates by looking up for a valid OpenId Connect access_token key sent as HTTP header

OpenIdConnectAuthProviderPanel.connectionParameters=OpenId connect provider connection
OpenIdConnectAuthProviderPanel.connectionParametersHelp.title=OpenId connect provider connection
OpenIdConnectAuthProviderPanel.connectionParametersHelp=<p>The URIs of the OpenId connect token service and user authorization.</p>

OpenIdConnectAuthProviderPanel.enableRedirectAuthenticationEntryPoint=Enable Redirect Authentication EntryPoint
OpenIdConnectAuthProviderPanel.enableRedirectAuthenticationEntryPointHelp.title=Enable Redirect Authentication EntryPoint
OpenIdConnectAuthProviderPanel.enableRedirectAuthenticationEntryPointHelp=If enabled overrides other filter chains

OpenIdConnectAuthProviderPanel.loginEndpoint=Login Authentication EndPoint
OpenIdConnectAuthProviderPanel.logoutEndpoint=Logout Authentication EndPoint

OpenIdConnectAuthProviderPanel.forceAccessTokenUriHttps=Force Access Token URI HTTPS Secured Protocol
OpenIdConnectAuthProviderPanel.accessTokenUri=Access Token URI
OpenIdConnectAuthProviderPanel.accessTokenUriHelp.title=Access Token URI
OpenIdConnectAuthProviderPanel.accessTokenUriHelp=The URL to use to obtain an OAuth2 access token.

OpenIdConnectAuthProviderPanel.forceUserAuthorizationUriHttps=Force User Authorization URI HTTPS Secured Protocol
OpenIdConnectAuthProviderPanel.userAuthorizationUri=User Authorization URI
OpenIdConnectAuthProviderPanel.userAuthorizationUriHelp.title=User Authorization URI
OpenIdConnectAuthProviderPanel.userAuthorizationUriHelp=The URI to which the user is to be redirected to authorize an access token.

OpenIdConnectAuthProviderPanel.redirectUri=Redirect URI
OpenIdConnectAuthProviderPanel.redirectUriHelp.title=Redirect URI
OpenIdConnectAuthProviderPanel.redirectUriHelp=<p>The redirect URI that has been pre-established with the server.</p>  \
 <p>Default is: <strong>http://localhost:8080/geoserver</strong></p>  \
 <p>Specify the reachable URI of your GeoServer instance</p>
 
OpenIdConnectAuthProviderPanel.checkTokenEndpointUrl=Check Token Endpoint URL
OpenIdConnectAuthProviderPanel.checkTokenEndpointUrlHelp.title=Check Token Endpoint URL
OpenIdConnectAuthProviderPanel.checkTokenEndpointUrlHelp=Used by the Token Services to validate the <b>access_token</b>

OpenIdConnectAuthProviderPanel.logoutUri=Logout URI
OpenIdConnectAuthProviderPanel.logoutUriHelp.title=Logout URI
OpenIdConnectAuthProviderPanel.logoutUriHelp=The URI to which the user is to be redirected when performing a logout.

OpenIdConnectAuthProviderPanel.scopes=Scopes
OpenIdConnectAuthProviderPanel.scopesHelp.title=Scopes
OpenIdConnectAuthProviderPanel.scopesHelp=<p>The comma-separated scopes of this resource.</p>  \
 <p>Scopes are needed in order to ask the OAuth2 Provider for user details, which will be used to authorize him.</p>

OpenIdConnectAuthProviderPanel.cliendId=Client ID
OpenIdConnectAuthProviderPanel.cliendIdHelp.title=Client ID
OpenIdConnectAuthProviderPanel.cliendIdHelp=The client identifier to use for this protected resource.

OpenIdConnectAuthProviderPanel.clientSecret=Client Secret
OpenIdConnectAuthProviderPanel.clientSecretHelp.title=Client Secret
OpenIdConnectAuthProviderPanel.clientSecretHelp=The client secret key, provided by the OAuth2 Provider.

OpenIdConnectAuthProviderPanel.principalKey=Principal key
OpenIdConnectAuthProviderPanel.principalKeyHelp.title=Key identifying the principal
OpenIdConnectAuthProviderPanel.principalKeyHelp=The Oauth2 server replies to user verification with a JSON document, \
  this entry specifies with JSON key should be used as the principal, or user name, in GeoServer

DiscoveryPanel.discovery=OpenID Discovery document
DiscoveryPanel.discover=Discover
DiscoveryPanel.discoveryURLKeyHelp.title=Discovery
DiscoveryPanel.discoveryURLKeyHelp=<p>Automatically fill in the connection parameters from a OpenID Discovery document</p>
DiscoveryPanel.discoveryError=Could not look-up discovery information: {0}


OpenIdConnectAuthProviderPanel.jwkURI=JSON Web Key set URI
OpenIdConnectAuthProviderPanel.jwkURIHelp.title=JSON Web Key set URI
OpenIdConnectAuthProviderPanel.jwkURIHelp=Link to a set of JSON Web Key, as a JSON document. Used to validate the Id Token signature. 

OpenIdConnectAuthProviderPanel.enforceTokenValidation=Enforce Token Validation
OpenIdConnectAuthProviderPanel.enforceTokenValidationHelp.title=Enforce Token Validation
OpenIdConnectAuthProviderPanel.enforceTokenValidationHelp=Check this option to enforce the validation of the token signature.

OpenIdConnectAuthProviderPanel.responseMode=Response Mode
OpenIdConnectAuthProviderPanel.responseModeHelp.title=Response Mode
OpenIdConnectAuthProviderPanel.responseModeHelp= The value tells how the OpenId server should return the authorization \
  code value to GeoServer. The code should always be returned as a query string. This field is meant thus to set the \
  response mode accordingly for those OpenId server that return by default the code in different ways (eg. url fragment \
  or in the request payload.  

OpenIdConnectAuthProviderPanel.sendClientSecret=Send Client Secret in Token Request
OpenIdConnectAuthProviderPanel.sendClientSecretHelp.title=Send Client Secret in Token Request
OpenIdConnectAuthProviderPanel.sendClientSecretHelp= Check this option if the OpenId server requires a confidential client \
  to send the client_secret in the token response (eg. ADFS and Azure AD).

OpenIdConnectAuthProviderPanel.allowUnSecureLogging=Log Sensitive Information (do not use in production)
OpenIdConnectAuthProviderPanel.allowUnSecureLoggingHelp.title=Log Sensitive Information
OpenIdConnectAuthProviderPanel.allowUnSecureLoggingHelp=Check this option if you want to log more sensitive information \
  (i.e. tokens).  This is useful when debugging an OIDC configuration that isn't working correctly. 

OpenIdConnectAuthProviderPanel.bearerTokens=Bearer Tokens
OpenIdConnectAuthProviderPanel.allowBearerTokens=Allow Attached Bearer Tokens
OpenIdConnectAuthProviderPanel.allowBearerTokensHelp.title=Allow Attached Bearer Tokens
OpenIdConnectAuthProviderPanel.allowBearerTokensHelp=Allow Bearer Tokens to be attached to the HTTP requests for access. <br>  \
  This is typically used by automated (i.e. desktop or external Web Service) to access the Geoserver REST API. <br> \
  Bearer Tokens are Access Tokens created by the Open ID Connect system (defined above). <br> \
  Since ID Tokens are not present in this mode, do NOT select "ID Token" for the Role Source. <br> <br>  \
  If you do not need Bearer Token functionality, it is recommended to turn this off.
OpenIdConnectAuthProviderPanel.invalidBearerRoleSource=Bearer Tokens are not compatible with ID Token Role Source
OpenIdConnectAuthProviderPanel.invalidMSGraphURL=You specified MSGraphAPI as the Role Provider, but your "userinfo" endpoint doesn't look like an MS Graph endpoint.

OpenIdConnectAuthProviderPanel.PKCE=Proof Key of Code Exchange
OpenIdConnectAuthProviderPanel.usePKCE=Use PKCE
OpenIdConnectAuthProviderPanel.PKCEHelp.title=Use Proof Key of Code Exchange
OpenIdConnectAuthProviderPanel.PKCEHelp=Use Proof Key of Code Exchange (PKE) as an additional guard against code interception.\
  The client generates a code_verifier to be added to the OAuth authorization URL. The code_verifier is used in the final \
  authorization code for token exchange. The use of PKCE is recommended in cases where client code is public and use of \
  client id and a client secret may be discovered.

OpenIdConnectAuthProviderPanel.postLogoutRedirectUri=Post Logout Redirect URI
OpenIdConnectAuthProviderPanel.postLogoutRedirectUriHelp.title=Post Logout Redirect URI
OpenIdConnectAuthProviderPanel.postLogoutRedirectUriHelp=<p>The URI to which the user should be redirected from the OpenId provider once a global logout has been completed</p>

RoleSource.IdToken=ID Token
RoleSource.AccessToken=Access Token
RoleSource.UserInfo=UserInfo Endpoint
RoleSource.MSGraphAPI=Microsoft Graph API (Azure AD)

TokenClaimPanel=Token roles claim
